BlueZ: Arbitrary code execution
— GLSA 200903-29

Insufficient input validation in BlueZ may lead to arbitrary code execution
or a Denial of Service.

Affected Packages

Package

net-wireless/bluez-utils on all architectures

Affected versions

< 3.36

Unaffected versions

>= 3.36

Package

net-wireless/bluez-libs on all architectures

Affected versions

< 3.36

Unaffected versions

>= 3.36

Background

BlueZ is a set of Bluetooth tools and system daemons for Linux.

Description

It has been reported that the Bluetooth packet parser does not validate
string length fields in SDP packets.

Impact

A physically proximate attacker using a Bluetooth device with an
already established trust relationship could send specially crafted
requests, possibly leading to arbitrary code execution or a crash.
Exploitation may also be triggered by a local attacker registering a
service record via a UNIX socket or D-Bus interface.